Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Infotecs ViPNet Client和Coordinator 权限许可和访问控制问题漏洞
Vulnerability Description
Infotecs ViPNet Client和Coordinator都是德国Infotecs公司的产品。Infotecs ViPNet Client是一套基于软件的VPN解决方案的客户端;Coordinator是服务端。 Infotecs ViPNet Client和Coordinator 4.3.2-42442之前的版本中存在安全漏洞,该漏洞源于错误的文件夹权限和缺少完整性和身份验证检测。本地攻击者可通过向更新文件夹中安置恶意的ViPNet更新文件利用该漏洞获取特权。
CVSS Information
N/A
Vulnerability Type
N/A